[all] broken pep8 jobs caused by bandit 1.7.5

Takashi Kajinami tkajinam at redhat.com
Fri Mar 10 07:27:59 UTC 2023


On Fri, Mar 10, 2023 at 4:20 PM Takashi Kajinami <tkajinam at redhat.com>
wrote:

> fyi;
>
> It seems the new release of bandit (1.7.5) just came out and this
> introduces a new lint rule
> to require defining the timeout parameter for all "requests" calls.
>
> https://github.com/PyCQA/bandit/commit/5ff73ff8ff956df7d63fde49c3bd671db8e821eb
>
> This is currently affecting heat and quick search shows some of the other
> projects contain some code
> not compliant with this rule (barbican, ceilometer, cinder, glance, manila,
> nova, ...).
>
Seems some of these (ceilometer, cinder, glance and manila) are not using
bandit and others (nova) have
the upper version defined. So it might not affect limited number of
projects using bandit without upper version
but I'd recommend you check your own projects.


> Also, it seems we do not pin bandit by u-c for some reason this likely
> affects all stable branches.
> Actually I first noticed this when I tried to backport one fix to 2023.1
> branch of heat...
>
> Thank you,
> Takashi
>
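
Added example, not part of the original message and not bandit's own code: a small AST-based scan for the pattern the new rule targets, module-level "requests" calls made without a timeout. Treating timeout=None as a finding is a choice of this sketch (requests waits indefinitely in that case), and the SAMPLE input is constructed.

```python
import ast

# Module-level helpers of the "requests" library that take a timeout keyword.
HTTP_FUNCS = {"get", "post", "put", "delete", "head", "patch", "options", "request"}

# Constructed sample input (not taken from any OpenStack project).
SAMPLE = '''\
import requests
import requests as rq
from requests import post

requests.get("https://example.org/a")
rq.put("https://example.org/b", data=b"x", timeout=None)
post("https://example.org/c", json={})
requests.get("https://example.org/d", timeout=10)
requests.request("GET", "https://example.org/e", **opts)
'''

def find_missing_timeouts(source, filename="<string>"):
    """Return sorted (line, call, reason) tuples for requests calls lacking a timeout."""
    tree = ast.parse(source, filename=filename)
    aliases, direct = set(), {}
    for node in ast.walk(tree):  # pass 1: how is "requests" imported here?
        if isinstance(node, ast.Import):
            aliases.update(a.asname or a.name for a in node.names if a.name == "requests")
        elif isinstance(node, ast.ImportFrom) and node.module == "requests":
            direct.update({a.asname or a.name: a.name
                           for a in node.names if a.name in HTTP_FUNCS})
    findings = []
    for node in ast.walk(tree):  # pass 2: inspect every call site
        if not isinstance(node, ast.Call):
            continue
        f = node.func
        if isinstance(f, ast.Attribute) and isinstance(f.value, ast.Name):
            name = f.attr if f.value.id in aliases and f.attr in HTTP_FUNCS else None
        else:
            name = direct.get(f.id) if isinstance(f, ast.Name) else None
        # A **kwargs argument may carry the timeout; that cannot be decided statically.
        if name is None or any(kw.arg is None for kw in node.keywords):
            continue
        timeout = next((kw.value for kw in node.keywords if kw.arg == "timeout"), None)
        if timeout is None:
            findings.append((node.lineno, "requests." + name, "no timeout"))
        elif isinstance(timeout, ast.Constant) and timeout.value is None:
            findings.append((node.lineno, "requests." + name, "timeout=None"))
    return sorted(findings)

if __name__ == "__main__":
    for line, call, why in find_missing_timeouts(SAMPLE):
        print(f"line {line}: {call} ({why})")
```

Calls made through a requests.Session object are outside what this sketch looks at.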